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DETAILED OFFICE ACTION 

1 . Claims 1-27 are presented for examinations. 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-4, 10-13, and 19-22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Patent No. 6,289,105 to Murota in view of US Patent No. 
6,272,632 to Carman. 

As per claims 1,10, and 1 9: 

'Identifying recipients of the email message, wherein the recipients can 
include known recipients, who can be identified by examining the email 
message, and anonymous recipients, who cannot be identified by 
examining the email message" 

Figure 5 of Murota clearly illustrates a step S18 where the receivers of the email 
message are identified. 
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"Generating a session key for the email message" 

Murota teaches an encryption key generation unit 13 which is connected to a 
message encrypting unit 12 (Column 4 Line 28). Murota further teaches that the 
encryption key generation unit 13 generates an encryption key of the secret-key 
cryptography, which is to be used for encrypting the message (Column 4 Line 63). 

"Encrypting a body of the email message with the session key" 

Murota teaches a message encrypting unit 12, which encrypts the message by 
using this encryption key according to the secret-key cryptography (Column 5 Line 1). 

"Creating a recipient block for the email message that contains an entry for 
each recipient of the email message" 

Figure 4 of Murota clearly illustrates a block dedicated to the receivers of the 
message. It further illustrates a separate block for each recipient. 

"Wherein each entry in the recipient block contains the session key 
encrypted with a public key associated with the recipient to form an 
encrypted session key, so that only a corresponding private key held by 
the recipient can be used to decrypt the encrypted session key." 
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Murota teaches an encryption unit 16, which encrypts the encryption key 
according to the public-key cryptography by using each receiver's public key and sender 
key (Column 5 Line 38). 

"Wherein each entry additionally contains an identifier for the associated 
public key, so that each recipient can determine whether the recipient 
possesses the corresponding private key that can decrypt the encrypted 
session key" 

Murota teaches a receiver information 33, which describes information obtained 
by encrypting the message encryption key according to the public-key cryptography by 
using each receiver's public key (Column 6 Line 9). Murota further teaches that the 
receiver can obtain the encryption key of the email by decrypting his own encryption key 
information by using the secret key in his own possession and decrypt the email 
message by using the encryption key so obtained (Column 6 Line 24). The office 
interprets the receiver's encryption key information as an identifier for each encryption 
key so that each recipient can match the information to the information he posses to 
decrypt the session key. Furthermore, Carman teaches an encrypting system that 
generates a key recovery field (KRF) (Column 2 Line 22). The KRF includes an 
unencrypted header section and an encrypted payload section (Column 2 Line 55). The 
unencrypted header section includes a key identifier (Kl) (Column 2 Line 59). The key 
identifier uniquely identifies the public key used to encrypt the payload section (Column 
2 Line 61 ). Moreover Carman teaches that the encrypted payload section 1020 of KRF 
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1000 is encrypted using KRCpub (public key). The corresponding KRCpriv (private key) 
is stored in key recovery center (KRC) 110 and is identified by the information contained 
in KRC identifier field 101 1 and key identifier field 1012 of unencrypted header section 
1010 (Column 12 Line 41). 

"Wherein identifiers for public keys belonging to known recipients are 
statistically unique." 

Carman teaches that the KRC identifier field 101 1 and the key identifier field 
1012 can include various types of information that would uniquely identify the KRC and 
the KRCpub that is used to encrypt payload section 1020 (Column 12 Line 41). 

"Wherein identifiers for public keys belonging to anonymous recipients are 
not statistically unique." 

Carman teaches an access rule index (ARI) that is included in the unencrypted 
header section (Column 1 7 Line 51 ). ARI can appear as cleartext because the ARI 
does not represent authentication information. Knowledge of the ARI by a potential 
decryptor will not enhance the decryptor's chances of gaining unauthorized access to 
the user secret encrypted within the KRF because the ARI merely represents an index 
to an access rule. The ARI does not itself represent authentication information. In other 
words, this alternative KRF format is permissible because the ARI does not represent 
actual authentication information that will be directly used by the KRC 1 10 in 
determining whether a potential decryptor is authorized to receive the user secret 
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(Column 17 Line 54). Carman further teaches an example (Column 18 Lines 12-17) 
where based on inspection of at least the cleartext ARI, a potential decryptor selects the 
KRF.sub.i that the potential decryptor knows is associated with him. More specifically, 
the potential decryptor selects the KRF.sub.i that includes the ARI. sub. i that the 
potential decryptor knows references an AR that the potential decryptor can satisfy. This 
selected KRF.sub.i is then sent to the appropriate KRC (Column 18 Line 27). 

"Sending the email message to the recipients" 

Murota teaches a method and apparatus that comprises a sender S and 
receivers A and B where the email indicates that it is destined from Sender S to 
receivers A and B (Column 4 Line 45). 

Murota does not specifically disclose that the identifiers for public keys are 
statistically unique or not. It would have been obvious to one ordinarily skilled in the art 
at the time the invention was made to modify Murota's invention to include identifiers 
that are statistically unique for know recipients and not statistically unique for 
anonymous recipients. One would have been motivated to make such a modification in 
light of LeBourgeois's teachings that public keys thereby gradually accumulate sufficient 
"mass" to vouch for the identity of the owner of the public key (Column 2 Line 46). 
Therefore the modification permits flexible authorization-type certification while 
preserving the privacy of individual users (Column 3 Line 40). 
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As per claims 2,11, and 20: 

"Wherein identifiers for public keys belonging to anonymous recipients 
provide only enough information to exclude a large percentage of all 
possible corresponding private keys from being able to decrypt the body of 
the email message." 

Carman teaches an access rule index (ARI) that is included in the unencrypted 
header section (Column 17 Line 51). ARI can appear as cleartext because the ARI 
does not represent authentication information. Knowledge of the ARI by a potential 
decryptor will not enhance the decryptor's chances of gaining unauthorized access to 
the user secret encrypted within the KRF because the ARI merely represents an index 
to an access rule. The ARI does not itself represent authentication information. In other 
words, this alternative KRF format is permissible because the ARI does not represent 
actual authentication information that will be directly used by the KRC 1 10 in 
determining whether a potential decryptor is authorized to receive the user secret 
(Column 17 Line 54). Carman further teaches an example (Column 18 Lines 12-17) 
where based on inspection of at least the cleartext ARI, a potential decryptor selects the 
KRF. sub. i that the potential decryptor knows is associated with him. More specifically, 
the potential decryptor selects the KRF. sub. i that includes the ARI. sub. i that the 
potential decryptor knows references an AR that the potential decryptor can satisfy. This 
selected KRF.sub.i is then sent to the appropriate KRC (Column 18 Line 27). 
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As per claims 3, 12, and 21: 

"Wherein an identifier for a public key is formed by creating a hash of the 
public key." 

Murota does not specifically state that the identifier is the hash of the public key. 
Fischer teaches an invention which incorporates into a certificate a hash of an original 
signer's public key or certificate, as well as an indication (generally either the hash of 
the public key or certificate, but possibly some other abstract identifier or group code) of 
the other entities who are allowed to also sign the certificate (Column 13 Line 56), It 
would have been obvious to one ordinarily skilled in the art at the time the invention was 
made to modify Murota's invention to include identifiers that are the hashes of the public 
key. One would have been motivated to make such a modification in light of Fischer's 
teachings that including an identifier that is the hash of the public key operates to 
prevent "just anyone" from adding their signature to an existing certificate (in which case 
they might then appear to be authorized to cancel it) (Column 13 Line 52). 

As per claims 4, 13, and 22: 

"Wherein an identifier for a public key belonging to an anonymous 
recipient is additionally modified so the identifier is not statistically 
unique." 



r 
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"Whereby the identifier cannot be used to uniquely identify the anonymous 
recipients." 

"Whereby a recipient can use the identifier to exclude a large percentage of 
all possible corresponding public keys held by the recipient form matching 
the identifier." 

Carman teaches an access rule index (ARI) that is included in the unencrypted 
header section (Column 17 Line 51 ). ARI can appear as cleartext because the ARI 
does not represent authentication information. Knowledge of the ARI by a potential 
decryptor will not enhance the decryptor's chances of gaining unauthorized access to 
the user secret encrypted within the KRF because the ARI merely represents an index 
to an access rule. The ARI does not itself represent authentication information. In other 
words, this alternative KRF format is permissible because the ARI does not represent 
actual authentication information that will be directly used by the KRC 1 10 in 
determining whether a potential decryptor is authorized to receive the user secret 
(Column 17 Line 54). Carman further teaches an example (Column 18 Lines 12-17) 
where based on inspection of at least the cleartext ARI, a potential decryptor selects the 
KRF. sub. i that the potential decryptor knows is associated with him. More specifically, 
the potential decryptor selects the KRF.sub.i that includes the ARI.sub.i that the 
potential decryptor knows references an AR that the potential decryptor can satisfy. This 
selected KRF.sub.i is then sent to the appropriate KRC (Column 18 Line 27). 



Application/Control Number: 09/677,292 Page 10 

Art Unit: 2136 

4. Claims 5, 14, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US Patent No. 6,289,105 to Murota as applied to claims 1,10, and 19 above, and 
in view of US Patent No. 6,170,744 to Lee. 

As per claims 5, 14, and 23: 

"Encrypting the body of the email message, including a checksum into the 
body of the email message, so that a recipient can examine the checksum 
to verify that the correct private key was used in decrypting the email 
message." 

Murota does not specifically disclose that a checksum is included in the method 
that involves a checksum. Lee teaches a method that includes a step of computing a 
check sum on the decrypted data symbol. The method further includes a step of 
comparing the computed check sum with a check sum value included in the data 
symbol and retrieved from the data symbol through the decrypting of the data symbol to 
determine if the decrypted data symbol is error free. The method still further includes a 
step of verifying a digital signature provided with the data symbol using a public digital 
signature key. If the comparison in the third step and the verification in the fourth step 
are successful, the data symbol is authenticated and validated (Column 21). Therefore 
it would have been obvious to one ordinarily skilled in the art to modify Murota's 
invention to include a checksum to authenticate the message in light of Lee's 
suggestion that one-way hashes are utilized in data communications systems to prevent 
what can be thought of as the "digital cloning" of data. One-way hashing is a process 
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whereby a hash value is mathematically processed to recreate the original data. One- 
way hashes mathematically ensure that the transformation that produced the unique 
hash value cannot be used in a reverse process. Furthermore, one-way hashing 
equations have been developed for which it is computationally impossible to determine 
two values that produce the same hash value. These types of one-way hashing 
equations are used in inventions to provide a fool-proof fraud prevention and 
authentication system and method (Column 7). 



5. Claims 6-9, 15-18, and 24-27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Patent No. 6,289,105 to Murota in view of US Patent No. 
6,272,632 to Carman, and further in view of US Patent No. 6,170,744 to Lee. 

As per claims 6, 15, and 24: 

"Receiving the email message at a recipient, where in the email message 
includes: 

A message body that has been encrypted with a session key" 

Murota teaches an encryption key generation unit 13 which is connected 
to a message encrypting unit 12 (Column 4 Line 28). Murota further teaches that 
the encryption key generation unit 13 generates an encryption key of the secret- 
key cryptography, which is to be used for encrypting the message (Column 4 
Line 63). Murota teaches that the message-encrypting unit 12 encrypts the 
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message by using this encryption key according to the secret-key cryptography 
(Column 5 Line 1). 

"A recipient block that contains an entry for each recipient of the 
email message" 

Figure 4 of Murota clearly illustrates a block dedicated to the receivers of 
the message. It further illustrates a separate block for each recipient. 

"Wherein each entry in the recipient block contains the session key 
encrypted with a public key associated with the recipient to form an 
encrypted session key" 

Murota teaches an encryption unit 16, which encrypts the encryption key 
according to the public-key cryptography by using each receiver's public key and 
sender key (Column 5 Line 38). 

"Wherein each entry additionally contains an identifier for the 
associated public key" 

Carman teaches an encrypting system that generates a key recovery field 
(KRF) (Column 2 Line 22). The KRF includes an unencrypted header section 
and an encrypted payload section (Column 2 Line 55). The unencrypted header 
section includes a key identifier (Kl) (Column 2 Line 59). The key identifier 
uniquely identifies the public key used to encrypt the payload section (Column 2 
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Line 61). Moreover Carman teaches that the encrypted payload section 1020 of 
KRF 1000 is encrypted using KRCpub (public key). The corresponding KRCpriv 
(private key) is stored in key recovery center (KRC) 110 and is identified by the 
information contained in KRC identifier field 1011 and key identifier field 1012 of 
unencrypted header section 1010 (Column 12 Line 41). 

"Wherein identifiers for public keys belonging to known recipients 
are statistically unique." 

Carman teaches that the KRC identifier field 101 1 and the key identifier 
field 1012 can include various types of information that would uniquely identify 
the KRC and the KRCpub that is used to encrypt payload section 1020 (Column 
12 Line 41). 

"Wherein identifiers for public keys belonging to anonymous 
recipients are not statistically unique." 

Carman teaches an access rule index (ARI) that is included in the 
unencrypted header section (Column 17 Line 51). ARI can appear as cleartext 
because the ARI does not represent authentication information. Knowledge of 
the ARI by a potential decryptor will not enhance the decryptor's chances of 
gaining unauthorized access to the user secret encrypted within the KRF 
because the ARI merely represents an index to an access rule. The ARI does not 
itself represent authentication information. In other words, this alternative KRF 
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format is permissible because the ARI does not represent actual authentication 
information that will be directly used by the KRC 1 10 in determining whether a 
potential decryptor is authorized to receive the user secret (Column 17 Line 54). 
Carman further teaches an example (Column 18 Lines 12-17) where based on 
inspection of at least the cleartext ARI, a potential decryptor selects the 
KRF.sub.i that the potential decryptor knows is associated with him. More 
specifically, the potential decryptor selects the KRF.sub.i that includes the 
ARI. sub. i that the potential decryptor knows references an AR that the potential 
decryptor can satisfy. This selected KRF.sub.i is then sent to the appropriate 
KRC (Column 18 Line 27). 

Murota does not specifically disclose that the identifiers for public keys are 
statistically unique or not. It would have been obvious to one ordinarily skilled in the art 
at the time the invention was made to modify Murota's invention to include identifiers 
that are statistically unique for know recipients and not statistically unique for 
anonymous recipients. One would have been motivated to make such a modification in 
light of LeBourgeois's teachings that public keys thereby gradually accumulate sufficient 
"mass" to vouch for the identity of the owner of the public key (Column 2 Line 46). 
Therefore the modification permits flexible authorization-type certification while 
preserving the privacy of individual users (Column 3 Line 40). 
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"Attempting to match a candidate public key held by the recipient with key 
identifier in the recipient block, if the candidate public key matches a key 
identifier, decrypting the associated encrypted session key using an 
associated private key to restore the session key" 

Murota teaches that the receiver of the electronic email can obtain the encryption 
key of the electronic mail message by decrypting his own encryption key information by 
using his own secret key in his own possession (Column 6 Line 24). 

"Decrypting the message body using the session key" 

Murota teaches that the receiver of the electronic email can obtain the encryption 
key of the electronic mail message by decrypting his own encryption key information by 
using his own secret key in his own possession. Murota further teaches that the 
receiver can then decrypt the electronic email message by using the encryption key so 
obtained (Column 6 Line 24). 

"Examining a checksum in the message body to verify that message body 
was correctly decrypted" 

Murota does not specifically disclose that a checksum is included in the method 
that involves a checksum. Lee teaches a method that includes a step of computing a 
check sum on the decrypted data symbol. The method further includes a step of 
comparing the computed check sum with a check sum value included in the data 
symbol and retrieved from the data symbol through the decrypting of the data symbol to 
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determine if the decrypted data symbol is error free. The method still further includes a 
step of verifying a digital signature provided with the data symbol using a public digital 
signature key. If the comparison in the third step and the verification in the fourth step 
are successful, the data symbol is authenticated and validated (Column 21). Therefore 
it would have been obvious to one ordinarily skilled in the art to modify Murota's 
invention to include a checksum to authenticate the message in light of Lee's 
suggestion that one-way hashes are utilized in data communications systems to prevent 
what can be thought of as the "digital cloning" of data. One-way hashing is a process 
whereby a hash value is mathematically processed to recreate the original data. One- 
way hashes mathematically ensure that the transformation that produced the unique 
hash value cannot be used in a reverse process. Furthermore, one-way hashing 
equations have been developed for which it is computationally impossible to determine 
two values that produce the same hash value. These types of one-way hashing 
equations are used in inventions to provide a fool-proof fraud prevention and 
authentication system and method (Column 7). 

As per claims 7, 16, and 25: 

Identifiers for public keys belonging to anonymous recipients provide only 
enough information to exclude a large percentage of all possible 
corresponding private keys from being able to decrypt the body of the 
email message." 



• 
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Carman teaches an access rule index (ARI) that is included in the unencrypted 
header section (Column 17 Line 51). ARI can appear as cleartext because the ARI 
does not represent authentication information. Knowledge of the ARI by a potential 
decryptor will not enhance the decryptbr's chances of gaining unauthorized access to 
the user secret encrypted within the KRF because the ARI merely represents an index 
to an access rule. The ARI does not itself represent authentication information. In other 
words, this alternative KRF format is permissible because the ARI does not represent 
actual authentication information that will be directly used by the KRC 1 10 in 
determining whether a potential decryptor is authorized to receive the user secret 
(Column 17 Line 54). Carman further teaches an example (Column 18 Lines 12-17) 
where based on inspection of at least the cleartext ARI, a potential decryptor selects the 
KRF. sub. i that the potential decryptor knows is associated with him. More specifically, 
the potential decryptor selects the KRF. sub. i that includes the ARI. sub. i that the 
potential decryptor knows references an AR that the potential decryptor can satisfy. This 
selected KRF. sub. i is then sent to the appropriate KRC (Column 18 Line 27). 

As per claims 8,17, and 26: 

"Wherein an identifier for a public key is formed by creating a hash of the 
public key." 

Murota does not specifically state that the identifier is the hash of the public key. 
Fischer teaches an invention which incorporates into a certificate a hash of an original 
signers public key or certificate, as well as an indication (generally either the hash of 
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the public key or certificate, but possibly some other abstract identifier or group code) of 
the other entities who are allowed to also sign the certificate (Column 13 Line 56). It 
would have been obvious to one ordinarily skilled in the art at the time the invention was 
made to modify Murota's invention to include identifiers that are the hashes of the public 
key. One would have been motivated to make such a modification in light of Fischer's 
teachings that including an identifier that is the hash of the public key operates to 
prevent "just anyone" from adding their signature to an existing certificate (in which case 
they might then appear to be authorized to cancel it) (Column 13 Line 52). 

As per claims 9, 18, and 27: 

"Wherein an identifier for a public key belonging to an anonymous 
recipient is additionally modified so the identifier is not statistically 
unique." 

"Whereby the identifier cannot be used to uniquely identify the anonymous 
recipients." 

"Whereby a recipient can use the identifier to exclude a large percentage of 
all possible corresponding public keys held by the recipient form matching 
the identifier." 

Carman teaches an access rule index (ARI) that is included in the unencrypted 
header section (Column 17 Line 51). ARI can appear as cleartext because the ARI 
does not represent authentication information. Knowledge of the ARI by a potential 
decryptor will not enhance the decryptor's chances of gaining unauthorized access to 
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the user secret encrypted within the KRF because the ARI merely represents an index 
to an access rule. The ARI does not itself represent authentication information. In other 
words, this alternative KRF format is permissible because the ARI does not represent 
actual authentication information that will be directly used by the KRC 1 10 in 
determining whether a potential decryptor is authorized to receive the user secret 
(Column 17 Line 54). Carman further teaches an example (Column 18 Lines 12-17) 
where based on inspection of at least the cleartext ARI, a potential decryptor selects the 
KRF.sub.i that the potential decryptor knows is associated with him. More specifically, 
the potential decryptor selects the KRF.sub.i that includes the ARI.sub.i that the 
potential decryptor knows references an AR that the potential decryptor can satisfy. This 
selected KRF.sub.i is then sent to the appropriate KRC (Column 18 Line 27). 



Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

The following patents and patent application publications are cited to further 
show the state of the art with respect to secure email processing systems in general: 

U.S. Patent No. 5,081,678 to Kaufman et al. 
U.S. Patent No. 5,214,702 to Fischer 
U.S. Patent No. 5,481,613 to Ford et al. 
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